internal server error (i think its htacces file error)

Discussion in 'Apache' started by dadaas, Oct 19, 2008.

  1. #1
    OK, please help me. I recently installed linkbidscript on my website www.kan2.org
    and I'm getting an internal error when I try to check backlinks.
    I'm on GoDaddy servers.
    This is the URL that gives me the error:
    http://kan2.org/linkadmin/activate.php?id=1098&x=kan2.org/linkadmin/manage_link.php

    This is my .htaccess in root:
    AddType application/x-httpd-php .xml
    Options +Indexes
    Options +FollowSymlinks
    RewriteEngine on
    RewriteRule ^(.*)/(.*)/(.*)/(.*).html$ category.php?pageNum_catPcatLN=$2&totalRows_catPcatLN=$3&category=$4 [L]
    RewriteRule ^(.*)/(.*)/links.html$ links.php?pageNum_TLlista=$1&totalRows_TLlista=$2&categ=$3 [L]
    RewriteRule ^(.*)/(.*)/new-links.html$ new-links.php?pageNum_NLlista=$1&totalRows_NLlista=$2&categ=$3 [L]
    RewriteRule ^(.*)/(.*)/search.html$ search.php?pageNum_SEARlista=$1&totalRows_SEARlista=$2&categ=$3 [L]
    RewriteRule ^(.*)/(.*)/(.*).html$ list.php?pageNum_lisPcatLN=$1&totalRows_lisPcatLN=$2&categ=$3 [L]
    RewriteRule ^(.*)/(.*).html$ details.php?ucat=$1&wseoname=$2 [L]
    #RewriteRule ^(.*)/(.*)/$ upgrade.php?name=$1&ucat=$2 [L]
    RewriteRule ^(.*)/(.*)/(.*)/(.*)/$ category.php?cat1=$1&cat2=$2&cat3=$3&category=$4 [L]
    RewriteRule ^(.*)/(.*)/(.*)/$ category.php?cat1=$1&cat2=$2&category=$3 [L]
    RewriteRule ^(.*)/(.*)/$ category.php?cat1=$1&category=$2 [L]
    RewriteRule ^(.*)/$ category.php?category=$1 [QSA,L]
    RewriteRule ^(.*).html$ list.php?categ=$1 [L]
    Code (markup):
    Maybe if I rewrite it differently or change options in this file?

    Any help is appreciated.
     
    dadaas, Oct 19, 2008 IP
  2. dadaas

    #2
    The error is not in .apache, I just got the error log read.
    [Sun Oct 19 14:07:01 2008] [error] [client 83.131.2.174] malformed header from script. Bad header=No recipient addresses found i: /********************************************************************/linkadmin/activate.php

    Here is the activate file:
    <?php
    
    include('restrict.php');
    
    include('../settings.php');
    
    require_once('../Connections/apound.php');
    
    
    
    $id = $_GET[id];
    
    $x = $_GET[x];
    
    $avail = "Y";
    
    $paid = "Y";
    
    
    
    $link = mysql_pconnect($hostname_apound,$username_apound,$password_apound);
    
    mysql_select_db($database_apound);
    
    mysql_query("UPDATE main SET avail='$avail' WHERE dtu='$id'");
    
    mysql_query("UPDATE main SET paid='$paid' WHERE dtu='$id'");
    
    
    
    mysql_select_db($database_apound, $apound);
    
    $query_SMTC = "SELECT * FROM main WHERE main.dtu = '$id'";
    
    $SMTC = mysql_query($query_SMTC, $apound) or die(mysql_error());
    
    $row_SMTC = mysql_fetch_assoc($SMTC);
    
    $totalRows_SMTC = mysql_num_rows($SMTC);
    
    $custm = $row_SMTC['email'];
    
    $cbidid = $row_SMTC['dtu'];
    
    $ckeyword = $row_SMTC['title'];
    
    $curl = $row_SMTC['site'];
    
    
    
    
    
    $kinek = "$custm";
    
    $targy = "ACTIVATION - Thank you for your listing";
    
    $uzenet = "Your Listing ID: $cbidid is ENABLED\n
    
    Your Listing Title: $ckeyword\n
    
    Your Listing URL: $curl\n
    
    View details or upgrade your listing: http://$domainname$pathmail/upgrade.php?ucat=$cbidid
    
    --------------------------------------------------------------------------
    
    $bidmailmessage
    
    --------------------------------------------------------------------------
    
    Contact and Support: http://$domainname$pathmail/contact.php";
    
    $fejlec = "From: $sitetitle <$frommail>\r\n";
    
    mail($kinek, $targy, $uzenet, $fejlec);
    
    
    
    mysql_free_result($SMTC);
    
    
    
    
    
    /* ############################################## */
    
    /*                                                */
    
    /* Start overbid notification section for lbs 1.5 */
    
    /*                                                */
    
    /* ############################################## */
    
    
    
    
    
    // Check if overbid notification are enabled or no
    
    
    
    mysql_select_db($database_apound, $apound);
    
    $query_OBST = "SELECT overbid FROM confset";
    
    $OBST = mysql_query($query_OBST, $apound) or die(mysql_error());
    
    $row_OBST = mysql_fetch_assoc($OBST);
    
    $totalRows_OBST = mysql_num_rows($OBST);
    
    
    
    $o_enabled = $row_OBST['overbid'];
    
    
    
    mysql_free_result($OBST);
    
    
    
    
    
    if($o_enabled == 'Y') {
    
    						// Select the new bid details
    
    						
    
    						mysql_select_db($database_apound, $apound);
    
    						$query_OBN = "SELECT * FROM main WHERE dtu = '$id'";
    
    						$OBN = mysql_query($query_OBN, $apound) or die(mysql_error());
    
    						$row_OBN = mysql_fetch_assoc($OBN);
    
    						$totalRows_OBN = mysql_num_rows($OBN);
    
    						
    
    						$nb_dtu = $row_OBN['dtu'];
    
    						$nb_categ = $row_OBN['categ'];
    
    						$nb_bid = $row_OBN['bid'];
    
    						$nb_maincategory = $row_OBN['maincategory'];
    
    						
    
    						mysql_free_result($OBN);
    
    						
    
    						// Using the new bid details, select the 'overbid record' for LETTER
    
    						
    
    						mysql_select_db($database_apound, $apound);
    
    						$query_OLDa = "SELECT * FROM main WHERE categ = '$nb_categ' AND bid < '$nb_bid' AND avail = 'Y' ORDER BY bid DESC";
    
    						$OLDa = mysql_query($query_OLDa, $apound) or die(mysql_error());
    
    						$row_OLDa = mysql_fetch_assoc($OLDa);
    
    						$totalRows_OLDa = mysql_num_rows($OLDa);
    
    						
    
    						$old_id_L = $row_OLDa['dtu'];
    
    						$old_bid_L = $row_OLDa['bid'];
    
    						$old_site_L = $row_OLDa['site'];
    
    						$old_email_L = $row_OLDa['email'];
    
    						
    
    						mysql_free_result($OLDa);
    
    						
    
    						// Using the new bid details, select the 'overbid record' for CATEGORY
    
    						
    
    						mysql_select_db($database_apound, $apound);
    
    						$query_OLDb = "SELECT * FROM main WHERE maincategory = '$nb_maincategory' AND bid < '$nb_bid' AND avail = 'Y' ORDER BY bid DESC";
    
    						$OLDb = mysql_query($query_OLDb, $apound) or die(mysql_error());
    
    						$row_OLDb = mysql_fetch_assoc($OLDb);
    
    						$totalRows_OLDb = mysql_num_rows($OLDb);
    
    						
    
    						$old_id_C = $row_OLDb['dtu'];
    
    						$old_bid_C = $row_OLDb['bid'];
    
    						$old_site_C = $row_OLDb['site'];
    
    						$old_email_C = $row_OLDb['email'];
    
    						
    
    						mysql_free_result($OLDb);
    
    						
    
    						$seo_name = $row_OLDb['title']; $seo_name = str_replace(" ", "-", $seo_name); $seo_name = "$seo_name";
    
    						
    
    						// Get the outbid message template from the database
    
    						
    
    						mysql_select_db($database_apound, $apound);
    
    						$query_OBT = "SELECT overbid_L_s, overbid_L, overbid_C_s, overbid_C FROM confset";
    
    						$OBT = mysql_query($query_OBT, $apound) or die(mysql_error());
    
    						$row_OBT = mysql_fetch_assoc($OBT);
    
    						$totalRows_OBT = mysql_num_rows($OBT);
    
    						
    
    						$overbid_L_s = $row_OBT['overbid_L_s'];
    
    						$overbid_C_s = $row_OBT['overbid_C_s'];
    
    						
    
    						$overbid_L = $row_OBT['overbid_L'];
    
    						eval("\$overbid_L = \"$overbid_L\";");
    
    						
    
    						$overbid_C = $row_OBT['overbid_C'];
    
    						eval("\$overbid_C = \"$overbid_C\";");
    
    						
    
    						mysql_free_result($OBT);
    
    						
    
    						// Send out the overbid mail for LETTER
    
    						
    
    						$kinek  = "$old_email_L";
    
    						$targy = "$overbid_L_s";
    
    						$uzenet = "$overbid_L";
    
    						$fejlec = "From: $sitetitle <$frommail>\r\n";
    
    						mail($kinek, $targy, $uzenet, $fejlec);
    
    						
    
    						// Send out the overbid mail for CATEGORY
    
    						
    
    						$kinek  = "$old_email_C";
    
    						$targy = "$overbid_L_s";
    
    						$uzenet = "$overbid_L";
    
    						$fejlec = "From: $sitetitle <$frommail>\r\n";
    
    						mail($kinek, $targy, $uzenet, $fejlec);
    
    }
    
    else {}
    
    /* #############################################*/
    
    /*                                              */
    
    /* End overbid notification section for lbs 1.5 */
    
    /*                                              */
    
    /* #############################################*/
    
    header("Location: http://$x");
    
    ?>
    Code (markup):
    I think the error is at the bottom, but I don't know how to fix it: header("Location: http://$x");
     
    dadaas, Oct 19, 2008 IP
  3. Ladadadada

    #3
    "No recipient addresses found" suggests to me that you must be sending email somewhere in that script.

    I looked through it and found this:

    mail($kinek, $targy, $uzenet, $fejlec);
    PHP:
    (I don't know very much Croatian but I know what parameters the mail() function takes in English and $kinek should be the recipient's email address.)
    A few lines above this we have:
    $kinek = "$custm";
    PHP:
    and above that we have:
    $query_SMTC = "SELECT * FROM main WHERE main.dtu = '$id'";
    
    $SMTC = mysql_query($query_SMTC, $apound) or die(mysql_error());
    
    $row_SMTC = mysql_fetch_assoc($SMTC);
    
    $totalRows_SMTC = mysql_num_rows($SMTC);
    
    $custm = $row_SMTC['email'];
    
    PHP:
    So you have a customer record in a database and your script retrieves the email address from that customer record and sends an email to them. I suspect that one of your customers doesn't have a valid email address in your database.

    I would recommend validating any piece of information you are planning on using before you use it. For instance, a simple test would be to make sure you have a valid email address before trying to send email.
    if(!preg_match("/^([0-9a-zA-Z]+[-\._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+\.)+[a-zA-Z]{2,6}$/", $custm))
    {
      // Alert the webmaster; the fourth argument to mail() must be a header line.
      mail("webmaster@kan2.org", "Error in {$_SERVER['PHP_SELF']}", "A customer ($cbidid) doesn't have valid email address.", "From: webmaster@kan2.org");
    }
    PHP:
    While we are on the topic, there are lots of places in this script where you really need to validate the information before you use it.

    For instance, this bit here:
    $id = $_GET[id];
    $x = $_GET[x];
    $avail = "Y";
    $paid = "Y";
    
    $link = mysql_pconnect($hostname_apound,$username_apound,$password_apound);
    mysql_select_db($database_apound);
    mysql_query("UPDATE main SET avail='$avail' WHERE dtu='$id'");
    mysql_query("UPDATE main SET paid='$paid' WHERE dtu='$id'");
    PHP:
    Uses the parameter 'id' in an SQL query without checking what is contained within it at all. If someone changed their request to look like this: ?id=1234' OR 1=1-- then the resulting SQL query would mark every record in the database as having been paid. If they wanted to they could also drop the entire database or change any user's email address or pretty much anything else.

    I hope you make regular backups of your database.

    They could also modify the 'x' parameter to redirect themselves to some other website instead of yours when they are finished. This may not sound too bad but open redirects like this are a way spammers insert their spammy links in emails by pointing the link at your site and having your site redirect to the spam site.

    Security is important.
     
    Ladadadada, Oct 20, 2008 IP
    dadaas likes this.
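
The fixes this answer calls for (validating `id`, keeping it out of the SQL text, and restricting the `x` redirect), as an added example that is not part of the original post or of linkbidscript. PDO with an in-memory SQLite table stands in for the MySQL connection, and `ALLOWED_HOST`, `FALLBACK` and the function names are hypothetical.

```php
<?php
// Added example. PDO + in-memory SQLite stands in for the MySQL "main" table;
// ALLOWED_HOST, FALLBACK and the function names are hypothetical.
const ALLOWED_HOST = 'kan2.org';
const FALLBACK = 'http://kan2.org/linkadmin/manage_link.php';

// id must be a plain decimal string; anything else is rejected outright.
function parse_id($raw): ?int
{
    return (is_string($raw) && ctype_digit($raw)) ? (int)$raw : null;
}

// x is only honoured when it points at our own host, with no userinfo or port.
function safe_redirect_target($raw): string
{
    if (!is_string($raw) || preg_match('/[\x00-\x20\x7f]/', $raw)) {
        return FALLBACK;
    }
    $p = parse_url('http://' . $raw);   // the script prepends http:// itself
    if (!is_array($p) || isset($p['user']) || isset($p['port'])
        || strcasecmp($p['host'] ?? '', ALLOWED_HOST) !== 0) {
        return FALLBACK;
    }
    $query = isset($p['query']) ? '?' . $p['query'] : '';
    return 'http://' . ALLOWED_HOST . ($p['path'] ?? '/') . $query;
}

// Marks the listing active and returns the address to notify, or null.
function activate_listing(PDO $db, $rawId): ?string
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null;                    // no query is run for a malformed id
    }
    // Bound parameters: the value never becomes part of the SQL text.
    $db->prepare("UPDATE main SET avail = 'Y', paid = 'Y' WHERE dtu = ?")->execute([$id]);
    $sel = $db->prepare('SELECT email FROM main WHERE dtu = ?');
    $sel->execute([$id]);
    $email = $sel->fetchColumn();
    return filter_var($email, FILTER_VALIDATE_EMAIL) ? $email : null;
}

// Constructed sample data and requests.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE main (dtu INTEGER, email TEXT, avail TEXT, paid TEXT)");
$db->exec("INSERT INTO main VALUES (1098, 'owner@example.com', 'N', 'N'), (1099, '', 'N', 'N')");
var_dump(activate_listing($db, "1234' OR 1=1--"), activate_listing($db, '1098'), activate_listing($db, '1099'));
var_dump($db->query("SELECT COUNT(*) FROM main WHERE paid = 'Y'")->fetchColumn(),
    safe_redirect_target('kan2.org/linkadmin/manage_link.php'), safe_redirect_target('evil.example/x'));
```

The caller sends mail only when `activate_listing()` returns an address, and passes the result of `safe_redirect_target()` to `header("Location: ...")` instead of the raw `x` value.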
  4. dadaas

    #4
    Wow man, you helped me. It was such simple help and it works. Well done, I give you a rating for this.

    Also I will direct the script owners to see what you say about security.
     
    dadaas, Oct 21, 2008 IP